ALAS-2023-155

Amazon Linux 2023 Security Advisory: ALAS-2023-155
Advisory Release Date: 2023-03-30 21:11 Pacific
Advisory Updated Date: 2023-04-27 20:00 Pacific

Severity: Important

References: CVE-2022-31622 CVE-2022-31623 CVE-2022-32091 CVE-2022-38791 CVE-2022-47015
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091)

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791)

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. (CVE-2022-47015)

Affected Packages:

mariadb105

Issue Correction:
Run dnf update mariadb105 --releasever=2023.0.20230329 to update your system.

New Packages:

aarch64:
    mariadb105-common-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-sphinx-engine-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-pam-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-sphinx-engine-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-oqgraph-engine-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-devel-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-backup-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-connect-engine-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-cracklib-password-check-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-connect-engine-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-server-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-test-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-server-utils-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-errmsg-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-backup-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-server-utils-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-server-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-oqgraph-engine-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-pam-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-gssapi-server-debuginfo-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-gssapi-server-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-cracklib-password-check-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-debugsource-10.5.18-1.amzn2023.0.1.aarch64
    mariadb105-test-10.5.18-1.amzn2023.0.1.aarch64

src:
    mariadb105-10.5.18-1.amzn2023.0.1.src

x86_64:
    mariadb105-server-utils-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-connect-engine-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-pam-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-oqgraph-engine-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-cracklib-password-check-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-errmsg-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-gssapi-server-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-oqgraph-engine-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-backup-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-connect-engine-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-pam-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-sphinx-engine-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-cracklib-password-check-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-gssapi-server-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-backup-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-sphinx-engine-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-common-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-server-utils-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-rocksdb-engine-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-rocksdb-engine-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-server-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-test-debuginfo-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-server-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-devel-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-debugsource-10.5.18-1.amzn2023.0.1.x86_64
    mariadb105-test-10.5.18-1.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2022-31622, CVE-2022-31623, CVE-2022-32091, CVE-2022-38791, CVE-2022-47015

Mitre: CVE-2022-31622, CVE-2022-31623, CVE-2022-32091, CVE-2022-38791, CVE-2022-47015